Thursday, January 31, 2013

The omnibus HIPAA Privacy and Security final rule HHS released on Jan. 17 answered some questions, provided necessary guidance in certain areas — but some of the thorniest issues, data breach notification among those, are still cryptic enough that lawyers and privacy officers will still face difficult judgment calls every time a laptop is lost or stolen.

Bob Belfort is one such lawyer. As a partner in the healthcare practice at Manatt, Phelps & Phillips, Belfort works with states and providers on health IT and related public policy issues, and frequently helps clients craft breach notifications. Belfort weighs in on changes to data breach notification, fundraising practices, the lack of a bright line test, business associates and why the problems associated with a lost laptop are not going away.

Q: What are the main points you were looking for in the final rule?

A: The one that will probably get the most attention is the definition of a breach. There's been a lot of controversy over the risk of harm standard. In the proposed rule there would be no breach unless there was significant risk of harm to the individual. [HHS] announced a while ago that they were rethinking that standard and in this rule they back off the risk of harm standard and replaced with an assessment of whether the improper disclosure compromised the privacy and security of protected health information so basically the burden is on the covered entity to show that there's a low probability that the information has been compromised.

There are two changes there. First, the focus of the assessment is no longer on the harm to the patient but whether the information has been compromised and, second, the burden of proof is clearly on the covered entity so if that can't be determined pretty clearly that there is a low probability the information has been compromised, the covered entity has to treat it as a breach.

HHS tried to navigate a middle ground between privacy advocates who were arguing that any improper disclosure should be treated as a breach and opponents in the industry who were basically okay with the risk of harm standard and wanted to retain that and HHS staked that middle ground between those two. So I think that's going to have a big impact on how incidents are assessed for breach notification purposes.

Q: What other privacy changes are important to your clients?

A: An area that hasn't gotten as much attention in the past but I know is a big one for my hospital clients is the change to the fundraising rule. Under the previous HIPAA privacy rule, a hospital could only use limited demographic information about its patients for fundraising purposes. Many of my hospital clients have had an interest in targeting fundraising based on the nature of the services a patient received or who their doctor was, and having doctors make personal appeals to the patients, or targeting, say, cancer fundraising at people who had been treated for cancer. They really were not permitted to do that under the prior rule.

Now that's been loosened so that information about the type of department a patient was in within the hospital and who their physician was can be used to target fundraising. So I think that's going to make a lot of the hospitals happy as it gives them more opportunity to target their fundraising.

You might learn a great deal in school, but it's doubtful that you'll actually develop as a leader by reading a book or taking a course. The military is right about experiential development: People grow and become leaders by making a commitment to a cause, and having personal responsibility and accountability.

For those of us in civilian life, there are also ways for us to develop as leaders through experience: through volunteer service. There are myriad nonprofit missions from which to choose, roles and positions in which to engage that are meaningful and productive, and paths for personal and professional advancement.

Nonprofit board service is particularly compelling for business people and professionals seeking to develop as leaders. While the CEOs and staffs of nonprofits build and run programs and services, boards of directors provide strategic and financial leadership to ensure each organization's vitality, integrity, and fulfillment of its mission. Business people who bring valuable skills and experience as well as diverse backgrounds and perspectives are uniquely equipped to help regional, national, and global organizations to achieve success in addressing poverty, education, health care, conservation of natural resources, and other key issues.

Through nonprofit board experience, business people participate with the CEO in envisioning an organization's greater potential, creating the revenue model, and achieving success. In fact, nonprofit board service is the ultimate experience in ethics, accountability, leadership, group dynamics, and crisis management and communications.

Here's the secret to making the most of a service experience:

Choose a cause that's meaningful to you, and where you like the people. Determine how you can be useful--whether helping with strategic planning, inviting friends to a fundraiser, serving on the advisory council, or serving on the board. If you'll be serving on the board, be clear about what will be expected of you so that you can fully commit yourself. Be open to opportunities to raise your hand and say, "I'll help." Before you know it, you could be chairing a committee, and eventually perhaps serving as a board officer. (And women, take note: When it comes to nonprofit boards, there's rarely a glass ceiling.) Be alert to potential mentors--on the board where you serve and among your friends and colleagues. Talk with other people who serve on boards to share experiences, lessons, and advice.

Be open to opportunities to raise your hand and say, "I'll help." Before you know it, you could be chairing a committee, and eventually perhaps serving as a board officer. (And women, take note: When it comes to nonprofit boards, there's rarely a glass ceiling.)

Be alert to potential mentors--on the board where you serve and among your friends and colleagues. Talk with other people who serve on boards to share experiences, lessons, and advice.

Always remember the mission. It must be at the forefront of your mind as you participate in discussions and make decisions.

Be generous with your time and your contributions.

Help to recruit and mentor the next wave of volunteers to assist in developing them as leaders.

Once you get involved, you'll be surprised at how aware you will become of who's a thoughtful leader who gets things done, and who's not. Whom you want to emulate, and whom you don't. And then books and various readings on leadership development and board governance will become more meaningful in light of your personal experience.

Having volunteered since I was 10 years old, built and run a nonprofit enterprise that engaged tens of thousands of corporate and community volunteers in service to hundreds of nonprofits, and consulted to global corporations on corporate social responsibility (CSR), I've seen firsthand the power of service in fostering leadership development. Most of the hundreds of business people I've trained and placed on boards have ascended to board leadership positions; the key has been that the match was right, and the board candidate was committed and ready to say, "I'll help."

Through service, you have tremendous opportunities to develop as a leader, become a more valuable professional where you work, and make a meaningful contribution in improving your community and the world.

advantages of integrating a chat and alerts module in a live web application

Itech Solution has been designing many dynamic web application using java/j2ee technologies.

Itech solution has successfully developed a web application for many domains like health care , photo journal and it's planning to develop a web application for franchise management system very shortly. Itech solution has kept on trying to come up with new features in the web application for self satisfaction as well as to keep the client's happy with the new features.

Recently itech has come up with the new idea in their web application like sending alert and chat options in the web application. Based on the requirement from clients, itech give access permission to these features.

Alerts can be used to send messages to any users within a web application, alert can be received to the users and they can even reply to it using pre-defined alerts(Templates) or they can even create their own message in the provided options. In case, if the user is off-line they can see the alerts as a pop-up when they come on-line.

Chat option is available to all, based on the access permission given by the itech as per client requirement. It is like a public chat in the web applications. All users who are online can use chat as same as other web application like facebook and gtalk.

Advantage of providing alert and chat options in the web-application makes life easy for the users. They can interact with each other. It makes easy to get the solution in case of any problem they are facing in the application. Any expertise can guide them to get the solution and use web the application in the appropriate manner.

Authorities in China are believed to have shut down a domestic Internet search engine, which was known to provide access to pirate content to the users.

Gougou. com, the site which was run by Chinese web firm Xunlei, was blacklisted by the US due to its links to the pirated content. The closure comes weeks after the website was added to the US Trade Representative's report on major copyright offenders.

Visitors to the site are greeted with the message in two languages informing them that the site has now been closed. The message on the site reads, "Gougou. com has been closed down. Thank you all for your support, and we are sorry for any inconvenience."

Xunlei had planned to get listed on a stock exchange in the US but had to cancel its plans due to pirated content on its Gougou search service and via its Xunlei P2P sharing platform. There are suggestions that the Xunlei is looking to comply with the regulations and closure of the site might be part of the company's efforts to clean up its business.

According to a Wired report, Web search biggie Google has - in a paper to be published later this month - put forth a fervent argument for replacing the traditional Internet `password' mechanism with a physical token, like a "smart ring" or a card which can connect to the computer through the USB slot.

As per the Wired report, the paper has been co-authored by Google's VP of security Eric Grosse and engineer Mayank Upadhyay; and will be published in a forthcoming edition of the journal IEEE Security & Privacy Magazine.

In the paper, Grosse and Upadhyay have chiefly outlined their vision for an Internet scenario sans any passwords. Drawing attention to the fact that passwords have proved to be one of the weakest points of digital security, the Google executives have emphasized the need for dedicated devices; thus making a case for the abolition of passwords.

Highlighting the difficulty which most Internet users have in creating as well as remembering strong and unique passwords for their different online services, Grosse and Upadhyay have said in the paper that they, like a number of other people in the Internet industry, are of the opinion that "passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe."

Proposing an alternative to passwords, Grosse and Upadhyay have reportedly said in the paper: "We'd like your smartphone or smartcard-embedded finger ring to authorise a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity."Click here to view this articleItech solutions website